R3721-F3210-F3171-HP High-End Firewalls Attack Protection Configuration Guide-6PW101

TCP proxy configuration example
Network requirements
As shown in Figure 42, configure bidirectional TCP proxy on Firewall to protect Server A, Server B, and
Server C against SYN flood attacks. Add a protected IP address entry for Server A and configure
dynamic TCP proxy for the other servers.
Figure 42 Network diagram
Configuration procedure
# Assign IP addresses to the interfaces, and then add interface GigabitEthernet 1/1 to zone Untrust and
GigabitEthernet 1/2 to zone Trust. (Details not shown.)
# Set the TCP proxy mode to bidirectional and enable TCP proxy for zone Untrust.
Select Intrusion Detection > TCP Proxy > TCP Proxy Configuration from the navigation tree. Select
the bidirectional mode and enable TCP proxy for zone Untrust as shown in Figure 43.
Figure 43 Selecting the bidirectional mode and enabling TCP proxy for zone Untrust
Select Bidirection for the global setting.
Click Apply.
In the Zone Configuration area, click Enable for the Untrust zone.
# Add an IP address entry manually for protection.
Select Intrusion Detection > TCP Proxy > Protected IP Configuration from the navigation tree. Then,
in the right pane, click Add. Add an IP address entry for protection as shown in Figure 44.